
2176 matches found

OSV
added 2025/01/14 1:15 a.m. | 2 views

CVE-2025-0060

SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged...

6.5 CVSS | 5.9 AI score | 0.00127 EPSS
Exploits 0 | References 2
The Hacker News
added 2025/01/13 6:40 a.m. | 10 views

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). "This credit card skimmer malware targeting WordPre...

6.7 AI score
Exploits 0
Veracode
added 2025/01/13 1:47 a.m. | 6 views

Cross-Site Scripting (XSS)

Trix is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the link field, allowing attackers to trick users into pasting a malicious javascript: URL, which could execute arbitrary JavaScript code within the user's session...

5.3 CVSS | 6.5 AI score | 0.002 EPSS
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2025/01/13 12:0 a.m. | 2 views

SAP BusinessObjects Business Intelligence Platform code injection vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP, combining market-leading SAP data integration products, data management products and business intelligence products to eliminate system integration challenges and quickly and easily deploy...

6.5 CVSS | 7 AI score | 0.00127 EPSS
Exploits 0 | References 1
CNNVD
added 2025/01/13 12:0 a.m. | 3 views

SAP NetWeaver AS code issue vulnerability

SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A code issue vulnerability exists in SAP NetWeaver AS, which stems from susceptibility to a stored cross-site scripting attack that allows an...

4.8 CVSS | 5.9 AI score | 0.00095 EPSS
Exploits 0 | References 3
CNNVD
added 2025/01/11 12:0 a.m. | 2 views

Palo Alto Networks Expedition security vulnerability

Palo Alto Networks Expedition is a tool from Palo Alto Networks, Inc. that helps with configuration migration, tuning, and enrichment. A security vulnerability exists in Palo Alto Networks Expedition. An attacker exploiting this vulnerability could execute malicious JavaScript code in this user's...

7 CVSS | 8.7 AI score | 0.01039 EPSS
Exploits 0 | References 1
OSV
added 2025/01/07 10:4 p.m. | 9 views

CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field

WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...

8.3 CVSS | 6.1 AI score | 0.00639 EPSS
Exploits 1 | References 4
Veracode
added 2024/12/27 4:40 a.m. | 6 views

Cross-Site Scripting (XSS)

Piranha is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation of uploaded PDF files, allowing authenticated remote attackers to upload crafted files containing malicious JavaScript code that executes when a victim interacts with the file in their web...

4.7 CVSS | 6.4 AI score | 0.00112 EPSS
Exploits 1 | References 3 | Affected Software 1
Github Security Blog
added 2024/12/24 6:30 a.m. | 8 views

Koji Cross-site Scripting

A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. JavaScript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code...

5.4 CVSS | 5.9 AI score | 0.00157 EPSS
Exploits 0 | References 6 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 1 views

The vulnerability of the CBF_Widget object handler in the PDF electronic document viewing software Foxit PDF Reader (formerly Foxit Reader) allows a perpetrator to execute arbitrary code.

The vulnerability of the CBF_Widget object handler in the PDF document viewing software Foxit PDF Reader (formerly Foxit Reader) is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code, provided that the user opens a special...

10 CVSS | 7.8 AI score | 0.00137 EPSS
Exploits 1 | References 3 | Affected Software 1
Github Security Blog
added 2024/12/20 9:30 p.m. | 18 views

Piranha CMS Cross-site Scripting vulnerability

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to an XSS...

4.7 CVSS | 5.9 AI score | 0.00112 EPSS
Exploits 1 | References 4 | Affected Software 1
NVD
added 2024/12/20 4:15 p.m. | 7 views

CVE-2024-10385

Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. ...

8.6 CVSS | 0.00304 EPSS
Exploits 0 | References 2
Vulnrichment
added 2024/12/20 12:0 a.m. | 7 views

CVE-2024-55342

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to an XSS...

6 AI score | 0.00112 EPSS
Exploits 1 | References 2
CNNVD
added 2024/12/20 12:0 a.m. | 1 views

Grist cross-site scripting vulnerability

Grist is a modern relational spreadsheet open-sourced by Grist. A cross-site scripting vulnerability exists in Grist versions prior to 1.3.1, which stems from a vulnerability that allows an attacker to execute malicious JavaScript code, which could lead to compromised user accounts, information...

8.1 CVSS | 5.8 AI score | 0.00711 EPSS
Exploits 0 | References 2
CNVD
added 2024/12/13 12:0 a.m. | 2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15869)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS | 6.5 AI score | 0.00296 EPSS
Exploits 0 | References 1
CNVD
added 2024/12/13 12:0 a.m. | 2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15854)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS | 6.5 AI score | 0.00296 EPSS
Exploits 0 | References 1
CNVD
added 2024/12/13 12:0 a.m. | 4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15871)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS | 6.5 AI score | 0.00268 EPSS
Exploits 0 | References 1
CNVD
added 2024/12/13 12:0 a.m. | 3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15857)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS | 6.5 AI score | 0.00442 EPSS
Exploits 0 | References 1
CNVD
added 2024/12/13 12:0 a.m. | 5 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15853)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS | 6.5 AI score | 0.00268 EPSS
Exploits 0 | References 1
CNVD
added 2024/12/13 12:0 a.m. | 3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15858)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS | 6.5 AI score | 0.0024 EPSS
Exploits 0 | References 1